package com.sunlands.qdcy.deskmate.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;

/**
 * 资源服务器相关配置
 * @author liude
 * @author anjl
 * 本服务作为resource接入oauth认证时，使用该配置设置resourceId以及security的过滤
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    /**
     * 作为resource设置resourceId只有client账号拥有该权限时，才能访问该resource服务
     */
    @Value("${spring.application.name}")
    String resourceId;

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(resourceId);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .httpBasic()
                .and()
                //执行logout的时候, 删除token
//                .logout().logoutSuccessUrl("/oauth/exit")
//                .and()
                .authorizeRequests()
                //swagger-ui
                .antMatchers("/swagger-ui.html",
                        "/webjars/**",
                        "/swagger-resources/**",
                        "/doc").permitAll()

        ;
    }


    /**
     * 为了能够在@PreAuthorize中使用oauth特有的配置, 加入此项
     */
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            return new OAuth2MethodSecurityExpressionHandler();
        }
    }
}